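# NixOS module: FIDO2 support for the systemd-based initrd.
#
# Declares `boot.initrd.systemd.fido2.enable` and, when it is set, adds the
# upstream FIDO udev rule, its helper program and the FIDO2 cryptsetup token
# plugin (plus libfido2) to the initrd.
{
  lib,
  config,
  pkgs,
  ...
}:
let
  # Shorthand for the initrd systemd option tree; `cfg.package` is the systemd
  # build selected for the initrd.
  cfg = config.boot.initrd.systemd;
in
{
  options = {
    # Defaults to whatever the selected initrd systemd package reports through
    # its `withFido2` attribute, so FIDO2 files are only pulled in by default
    # when that package was built with FIDO2 support.
    boot.initrd.systemd.fido2.enable = lib.mkEnableOption "systemd FIDO2 support" // {
      default = cfg.package.withFido2;
      defaultText = lib.literalExpression "config.boot.initrd.systemd.package.withFido2";
    };
  };

  config = lib.mkIf cfg.fido2.enable {
    boot.initrd.services.udev.packages = [
      # TODO: Add a better way to include upstream rules files.
      # Wraps the single upstream rules file in its own derivation so that only
      # 60-fido-id.rules from `cfg.package` is handed to the initrd udev.
      (pkgs.runCommand "udev-fido2" { } ''
        mkdir -p $out/lib/udev/rules.d/
        cp ${cfg.package}/lib/udev/rules.d/60-fido-id.rules $out/lib/udev/rules.d/60-fido-id.rules
      '')
    ];
    boot.initrd.systemd.storePaths = [
      # Helper program for 60-fido-id.rules. It is taken from `cfg.package`,
      # the same package the rules file above is copied from. Using
      # `pkgs.systemd` here would ship a helper from a different systemd build
      # whenever `boot.initrd.systemd.package` is overridden, leaving the
      # initrd with a binary that does not belong to the selected package.
      "${cfg.package}/lib/udev/fido_id"
      # systemd's FIDO2 token plugin for libcryptsetup.
      "${cfg.package}/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so"
      # Listed explicitly, presumably because it is loaded at run time rather
      # than discovered as a link-time dependency.
      # NOTE(review): this comes from `pkgs.libfido2`; confirm it is the same
      # libfido2 that `cfg.package` was built against when that package is
      # overridden.
      "${pkgs.libfido2}/lib/libfido2.so.1"
    ];
  };
}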